| 2020-02-11 14:16:11 |
Matthias Klose |
bug |
|
|
added bug |
| 2020-02-11 14:16:22 |
Matthias Klose |
python-tabulate (Ubuntu): importance |
Undecided |
High |
|
| 2020-02-11 14:17:02 |
Matthias Klose |
python-tabulate (Ubuntu): assignee |
|
Ubuntu OpenStack (ubuntu-openstack) |
|
| 2020-02-11 14:17:12 |
Matthias Klose |
bug |
|
|
added subscriber MIR approval team |
| 2020-02-12 10:34:05 |
James Page |
description |
[MIR] python-tabulate (dependency of cinder) |
[Availability]
In universe
[Rationale]
Taken from the upstream commit that makes this change:
PrettyTable is no longer maintained and the last release was in 2013.
There are starting to be deprecation warnings emitted with newer Python
releases.
Various attempts to revive a fork haven't gained much traction. A common
recommendation is to move away from PrettyTable to tabulate. This
switches our usage to a close equivalent using that library instead.
[Security]
No security history
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tabulate
[Quality assurance]
Package has unit tests which are run as part of the package build.
[Dependencies]
All in main
[Standards compliance]
OK-ish - simple package but not updated to latest Standards-Version
[Maintenance]
Not that well maintained in Debian - last update was an NMU in October 2019 to remove Py2 support. More recent updates in Ubuntu to bump version and execute unit tests as part of package builld.
[Background information]
tabulate provides similar function to prettytable - however not all openstack projects have made the switch and there are other reverse-depends in main for python3-prettytable:
$ reverse-depends -c main python3-prettytable
Reverse-Depends
* ceph-common [amd64 arm64 armhf ppc64el s390x]
* python3-automaton
* python3-blazarclient
* python3-ceilometerclient
* python3-cinder
* python3-cinderclient
* python3-cliff
* python3-futurist
* python3-glance
* python3-glanceclient
* python3-heatclient
* python3-magnumclient
* python3-manilaclient
* python3-monascaclient
* python3-nova
* python3-novaclient
* python3-oslo.upgradecheck
* python3-osprofiler
* python3-seamicroclient
* python3-senlinclient
* python3-troveclient
That said it formats output for python applications so would be considered fairly low risk from a security perspective so having two similar pkgs in main but be more palatable. |
|
| 2020-02-12 10:34:10 |
James Page |
python-tabulate (Ubuntu): status |
Incomplete |
New |
|
| 2020-02-12 10:34:13 |
James Page |
python-tabulate (Ubuntu): assignee |
Ubuntu OpenStack (ubuntu-openstack) |
|
|
| 2020-02-13 09:15:45 |
Christian Ehrhardt |
python-tabulate (Ubuntu): status |
New |
Incomplete |
|
| 2020-02-13 16:19:47 |
James Page |
python-tabulate (Ubuntu): assignee |
|
Ubuntu Security Team (ubuntu-security) |
|
| 2020-02-14 06:26:52 |
Christian Ehrhardt |
python-tabulate (Ubuntu): status |
Incomplete |
New |
|
| 2020-03-17 13:25:28 |
James Page |
python-tabulate (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
| 2020-03-17 13:25:59 |
James Page |
python-tabulate (Ubuntu): status |
New |
Fix Committed |
|
| 2020-03-19 15:31:29 |
Matthias Klose |
python-tabulate (Ubuntu): status |
Fix Committed |
Fix Released |
|
